From 9dede6eed23f7f470ed0bc5426425059521b46fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Bidoul?= Date: Thu, 19 Feb 2026 13:55:01 +0100 Subject: [PATCH 1/4] [FIX] auth_jwt: fix tests Odoo test runner now complains if new methods/attributes have been added to a model during a test and not cleaned-up. We fix that with a context manager that does the cleanup. --- auth_jwt/tests/test_auth_jwt.py | 518 +++++++++++++++++--------------- 1 file changed, 277 insertions(+), 241 deletions(-) diff --git a/auth_jwt/tests/test_auth_jwt.py b/auth_jwt/tests/test_auth_jwt.py index 6a87e87cbc..71d5b7a093 100644 --- a/auth_jwt/tests/test_auth_jwt.py +++ b/auth_jwt/tests/test_auth_jwt.py @@ -65,6 +65,7 @@ def _create_token( payload["nbf"] = nbf return jwt.encode(payload, key=key, algorithm="HS256") + @contextlib.contextmanager def _create_validator( self, name, @@ -74,7 +75,7 @@ def _create_validator( partner_id_required=False, static_user_id=1, ): - return self.env["auth.jwt.validator"].create( + v = self.env["auth.jwt.validator"].create( dict( name=name, signature_type="secret", @@ -88,202 +89,237 @@ def _create_validator( partner_id_required=partner_id_required, ) ) + try: + yield v + finally: + v.unlink() def test_missing_authorization_header(self): - self._create_validator("validator") - with self._mock_request(authorization=None): - with self.assertRaises(UnauthorizedMissingAuthorizationHeader): - self.env["ir.http"]._auth_method_jwt(validator_name="validator") + with self._create_validator("validator"): + with self._mock_request(authorization=None): + with self.assertRaises(UnauthorizedMissingAuthorizationHeader): + self.env["ir.http"]._auth_method_jwt(validator_name="validator") def test_malformed_authorization_header(self): - self._create_validator("validator") - for authorization in ( - "a", - "Bearer", - "Bearer ", - "Bearer x y", - "Bearer token ", - "bearer token", - ): - with self._mock_request(authorization=authorization): - with self.assertRaises(UnauthorizedMalformedAuthorizationHeader): - self.env["ir.http"]._auth_method_jwt(validator_name="validator") + with self._create_validator("validator"): + for authorization in ( + "a", + "Bearer", + "Bearer ", + "Bearer x y", + "Bearer token ", + "bearer token", + ): + with self._mock_request(authorization=authorization): + with self.assertRaises(UnauthorizedMalformedAuthorizationHeader): + self.env["ir.http"]._auth_method_jwt(validator_name="validator") def test_auth_method_valid_token(self): - self._create_validator("validator") - authorization = "Bearer " + self._create_token() - with self._mock_request(authorization=authorization): - self.env["ir.http"]._auth_method_jwt_validator() + with self._create_validator("validator"): + authorization = "Bearer " + self._create_token() + with self._mock_request(authorization=authorization): + self.env["ir.http"]._auth_method_jwt_validator() def test_auth_method_valid_token_two_validators_one_bad_issuer(self): - self._create_validator("validator2", issuer="http://other.issuer") - self._create_validator("validator3") - - authorization = "Bearer " + self._create_token() - with self._mock_request(authorization=authorization): - # first validator rejects the token because of invalid audience - with self.assertRaises(UnauthorizedInvalidToken): - self.env["ir.http"]._auth_method_jwt_validator2() - # second validator accepts the token - self.env["ir.http"]._auth_method_jwt_validator3() + with ( + self._create_validator("validator2", issuer="http://other.issuer"), + self._create_validator("validator3"), + ): + authorization = "Bearer " + self._create_token() + with self._mock_request(authorization=authorization): + # first validator rejects the token because of invalid audience + with self.assertRaises(UnauthorizedInvalidToken): + self.env["ir.http"]._auth_method_jwt_validator2() + # second validator accepts the token + self.env["ir.http"]._auth_method_jwt_validator3() def test_auth_method_valid_token_two_validators_one_bad_issuer_chained(self): - validator2 = self._create_validator("validator2", issuer="http://other.issuer") - validator3 = self._create_validator("validator3") - validator2.next_validator_id = validator3 + with ( + self._create_validator( + "validator2", issuer="http://other.issuer" + ) as validator2, + self._create_validator("validator3") as validator3, + ): + validator2.next_validator_id = validator3 - authorization = "Bearer " + self._create_token() - with self._mock_request(authorization=authorization): - # Validator2 rejects the token because of invalid issuer but chain - # on validator3 which accepts it - self.env["ir.http"]._auth_method_jwt_validator2() + authorization = "Bearer " + self._create_token() + with self._mock_request(authorization=authorization): + # Validator2 rejects the token because of invalid issuer but chain + # on validator3 which accepts it + self.env["ir.http"]._auth_method_jwt_validator2() def test_auth_method_valid_token_two_validators_one_bad_audience(self): - self._create_validator("validator2", audience="bad") - self._create_validator("validator3") - - authorization = "Bearer " + self._create_token() - with self._mock_request(authorization=authorization): - # first validator rejects the token because of invalid audience - with self.assertRaises(UnauthorizedInvalidToken): - self.env["ir.http"]._auth_method_jwt_validator2() - # second validator accepts the token - self.env["ir.http"]._auth_method_jwt_validator3() + with ( + self._create_validator("validator2", audience="bad"), + self._create_validator("validator3"), + ): + authorization = "Bearer " + self._create_token() + with self._mock_request(authorization=authorization): + # first validator rejects the token because of invalid audience + with self.assertRaises(UnauthorizedInvalidToken): + self.env["ir.http"]._auth_method_jwt_validator2() + # second validator accepts the token + self.env["ir.http"]._auth_method_jwt_validator3() def test_auth_method_valid_token_two_validators_one_bad_audience_chained(self): - validator2 = self._create_validator("validator2", audience="bad") - validator3 = self._create_validator("validator3") - - validator2.next_validator_id = validator3 - authorization = "Bearer " + self._create_token() - with self._mock_request(authorization=authorization): - self.env["ir.http"]._auth_method_jwt_validator2() + with ( + self._create_validator("validator2", audience="bad") as validator2, + self._create_validator("validator3") as validator3, + ): + validator2.next_validator_id = validator3 + authorization = "Bearer " + self._create_token() + with self._mock_request(authorization=authorization): + self.env["ir.http"]._auth_method_jwt_validator2() def test_auth_method_invalid_token(self): # Test invalid token via _auth_method_jwt # Other types of invalid tokens are unit tested elswhere. - self._create_validator("validator4") - authorization = "Bearer " + self._create_token(audience="bad") - with self._mock_request(authorization=authorization): - with self.assertRaises(UnauthorizedInvalidToken): - self.env["ir.http"]._auth_method_jwt_validator4() + with self._create_validator("validator4"): + authorization = "Bearer " + self._create_token(audience="bad") + with self._mock_request(authorization=authorization): + with self.assertRaises(UnauthorizedInvalidToken): + self.env["ir.http"]._auth_method_jwt_validator4() def test_auth_method_invalid_token_on_chain(self): - validator1 = self._create_validator("validator", issuer="http://other.issuer") - validator2 = self._create_validator("validator2", audience="bad audience") - validator3 = self._create_validator("validator3", secret_key="bad key") - validator4 = self._create_validator( - "validator4", issuer="http://other.issuer", audience="bad audience" - ) - validator5 = self._create_validator( - "validator5", issuer="http://other.issuer", secret_key="bad key" - ) - validator6 = self._create_validator( - "validator6", audience="bad audience", secret_key="bad key" - ) - validator7 = self._create_validator( - "validator7", - issuer="http://other.issuer", - audience="bad audience", - secret_key="bad key", - ) - validator1.next_validator_id = validator2 - validator2.next_validator_id = validator3 - validator3.next_validator_id = validator4 - validator4.next_validator_id = validator5 - validator5.next_validator_id = validator6 - validator6.next_validator_id = validator7 - - authorization = "Bearer " + self._create_token() - with self._mock_request(authorization=authorization): - with self.assertRaises(UnauthorizedCompositeJwtError) as composite_error: - self.env["ir.http"]._auth_method_jwt_validator() - self.assertEqual( - str(composite_error.exception), - "401 Unauthorized: " - "Multiple errors occurred during JWT chain validation:\n" - "validator: 401 Unauthorized: " - "The server could not verify that you are authorized to " - "access the URL requested. You either supplied the wrong " - "credentials (e.g. a bad password), or your browser doesn't " - "understand how to supply the credentials required.\n" - "validator2: 401 Unauthorized: " - "The server could not verify that you are authorized to " - "access the URL requested. You either supplied the wrong " - "credentials (e.g. a bad password), or your browser doesn't " - "understand how to supply the credentials required.\n" - "validator3: 401 Unauthorized: " - "The server could not verify that you are authorized to " - "access the URL requested. You either supplied the wrong " - "credentials (e.g. a bad password), or your browser doesn't " - "understand how to supply the credentials required.\n" - "validator4: 401 Unauthorized: " - "The server could not verify that you are authorized to " - "access the URL requested. You either supplied the wrong " - "credentials (e.g. a bad password), or your browser doesn't " - "understand how to supply the credentials required.\n" - "validator5: 401 Unauthorized: " - "The server could not verify that you are authorized to " - "access the URL requested. You either supplied the wrong " - "credentials (e.g. a bad password), or your browser doesn't " - "understand how to supply the credentials required.\n" - "validator6: 401 Unauthorized: " - "The server could not verify that you are authorized to " - "access the URL requested. You either supplied the wrong " - "credentials (e.g. a bad password), or your browser doesn't " - "understand how to supply the credentials required.\n" - "validator7: 401 Unauthorized: " - "The server could not verify that you are authorized to " - "access the URL requested. You either supplied the wrong " - "credentials (e.g. a bad password), or your browser doesn't " - "understand how to supply the credentials required.", - ) + with ( + self._create_validator( + "validator", + issuer="http://other.issuer", + ) as validator1, + self._create_validator( + "validator2", + audience="bad audience", + ) as validator2, + self._create_validator( + "validator3", + secret_key="bad key", + ) as validator3, + self._create_validator( + "validator4", + issuer="http://other.issuer", + audience="bad audience", + ) as validator4, + self._create_validator( + "validator5", + issuer="http://other.issuer", + secret_key="bad key", + ) as validator5, + self._create_validator( + "validator6", + audience="bad audience", + secret_key="bad key", + ) as validator6, + self._create_validator( + "validator7", + issuer="http://other.issuer", + audience="bad audience", + secret_key="bad key", + ) as validator7, + ): + validator1.next_validator_id = validator2 + validator2.next_validator_id = validator3 + validator3.next_validator_id = validator4 + validator4.next_validator_id = validator5 + validator5.next_validator_id = validator6 + validator6.next_validator_id = validator7 + + authorization = "Bearer " + self._create_token() + with self._mock_request(authorization=authorization): + with self.assertRaises( + UnauthorizedCompositeJwtError + ) as composite_error: + self.env["ir.http"]._auth_method_jwt_validator() + self.assertEqual( + str(composite_error.exception), + "401 Unauthorized: " + "Multiple errors occurred during JWT chain validation:\n" + "validator: 401 Unauthorized: " + "The server could not verify that you are authorized to " + "access the URL requested. You either supplied the wrong " + "credentials (e.g. a bad password), or your browser doesn't " + "understand how to supply the credentials required.\n" + "validator2: 401 Unauthorized: " + "The server could not verify that you are authorized to " + "access the URL requested. You either supplied the wrong " + "credentials (e.g. a bad password), or your browser doesn't " + "understand how to supply the credentials required.\n" + "validator3: 401 Unauthorized: " + "The server could not verify that you are authorized to " + "access the URL requested. You either supplied the wrong " + "credentials (e.g. a bad password), or your browser doesn't " + "understand how to supply the credentials required.\n" + "validator4: 401 Unauthorized: " + "The server could not verify that you are authorized to " + "access the URL requested. You either supplied the wrong " + "credentials (e.g. a bad password), or your browser doesn't " + "understand how to supply the credentials required.\n" + "validator5: 401 Unauthorized: " + "The server could not verify that you are authorized to " + "access the URL requested. You either supplied the wrong " + "credentials (e.g. a bad password), or your browser doesn't " + "understand how to supply the credentials required.\n" + "validator6: 401 Unauthorized: " + "The server could not verify that you are authorized to " + "access the URL requested. You either supplied the wrong " + "credentials (e.g. a bad password), or your browser doesn't " + "understand how to supply the credentials required.\n" + "validator7: 401 Unauthorized: " + "The server could not verify that you are authorized to " + "access the URL requested. You either supplied the wrong " + "credentials (e.g. a bad password), or your browser doesn't " + "understand how to supply the credentials required.", + ) def test_invalid_validation_chain(self): - validator1 = self._create_validator("validator") - validator2 = self._create_validator("validator2") - validator3 = self._create_validator("validator3") - - validator1.next_validator_id = validator2 - validator2.next_validator_id = validator3 - with self.assertRaises(ValidationError) as error: - validator3.next_validator_id = validator1 - self.assertEqual( - str(error.exception), - "Validators mustn't make a closed chain: " - "validator3 -> validator -> validator2 -> validator3.", - ) + with ( + self._create_validator("validator") as validator1, + self._create_validator("validator2") as validator2, + self._create_validator("validator3") as validator3, + ): + validator1.next_validator_id = validator2 + validator2.next_validator_id = validator3 + with self.assertRaises(ValidationError) as error: + validator3.next_validator_id = validator1 + self.assertEqual( + str(error.exception), + "Validators mustn't make a closed chain: " + "validator3 -> validator -> validator2 -> validator3.", + ) def test_invalid_validation_auto_chain(self): - validator = self._create_validator("validator") - with self.assertRaises(ValidationError) as error: - validator.next_validator_id = validator - self.assertEqual( - str(error.exception), - "Validators mustn't make a closed chain: " "validator -> validator.", - ) + with self._create_validator("validator") as validator: + with self.assertRaises(ValidationError) as error: + validator.next_validator_id = validator + self.assertEqual( + str(error.exception), + "Validators mustn't make a closed chain: validator -> validator.", + ) def test_partner_id_strategy_email_found(self): partner = self.env["res.partner"].search([("email", "!=", False)])[0] - self._create_validator("validator6") - authorization = "Bearer " + self._create_token(email=partner.email) - with self._mock_request(authorization=authorization) as request: - self.env["ir.http"]._auth_method_jwt_validator6() - self.assertEqual(request.jwt_partner_id, partner.id) + with self._create_validator("validator6"): + authorization = "Bearer " + self._create_token(email=partner.email) + with self._mock_request(authorization=authorization) as request: + self.env["ir.http"]._auth_method_jwt_validator6() + self.assertEqual(request.jwt_partner_id, partner.id) def test_partner_id_strategy_email_not_found(self): - self._create_validator("validator6") - authorization = "Bearer " + self._create_token(email="notanemail@example.com") - with self._mock_request(authorization=authorization) as request: - self.env["ir.http"]._auth_method_jwt_validator6() - self.assertFalse(request.jwt_partner_id) + with self._create_validator("validator6"): + authorization = "Bearer " + self._create_token( + email="notanemail@example.com" + ) + with self._mock_request(authorization=authorization) as request: + self.env["ir.http"]._auth_method_jwt_validator6() + self.assertFalse(request.jwt_partner_id) def test_partner_id_strategy_email_not_found_partner_required(self): - self._create_validator("validator6", partner_id_required=True) - authorization = "Bearer " + self._create_token(email="notanemail@example.com") - with self._mock_request(authorization=authorization): - with self.assertRaises(UnauthorizedPartnerNotFound): - self.env["ir.http"]._auth_method_jwt_validator6() + with self._create_validator("validator6", partner_id_required=True): + authorization = "Bearer " + self._create_token( + email="notanemail@example.com" + ) + with self._mock_request(authorization=authorization): + with self.assertRaises(UnauthorizedPartnerNotFound): + self.env["ir.http"]._auth_method_jwt_validator6() def test_get_validator(self): AuthJwtValidator = self.env["auth.jwt.validator"] @@ -298,59 +334,59 @@ def test_get_validator(self): mute_logger("odoo.addons.auth_jwt.models.auth_jwt_validator"), ): AuthJwtValidator._get_validator_by_name("notavalidator") - validator1 = self._create_validator(name="validator1") - with ( - self.assertRaises(JwtValidatorNotFound), - mute_logger("odoo.addons.auth_jwt.models.auth_jwt_validator"), - ): - AuthJwtValidator._get_validator_by_name("notavalidator") - self.assertEqual(AuthJwtValidator._get_validator_by_name(None), validator1) - self.assertEqual( - AuthJwtValidator._get_validator_by_name("validator1"), validator1 - ) - # create a second validator - validator2 = self._create_validator(name="validator2") - with ( - self.assertRaises(AmbiguousJwtValidator), - mute_logger("odoo.addons.auth_jwt.models.auth_jwt_validator"), - ): - AuthJwtValidator._get_validator_by_name(None) - self.assertEqual( - AuthJwtValidator._get_validator_by_name("validator2"), validator2 - ) + with self._create_validator(name="validator1") as validator1: + with ( + self.assertRaises(JwtValidatorNotFound), + mute_logger("odoo.addons.auth_jwt.models.auth_jwt_validator"), + ): + AuthJwtValidator._get_validator_by_name("notavalidator") + self.assertEqual(AuthJwtValidator._get_validator_by_name(None), validator1) + self.assertEqual( + AuthJwtValidator._get_validator_by_name("validator1"), validator1 + ) + # create a second validator + with self._create_validator(name="validator2") as validator2: + with ( + self.assertRaises(AmbiguousJwtValidator), + mute_logger("odoo.addons.auth_jwt.models.auth_jwt_validator"), + ): + AuthJwtValidator._get_validator_by_name(None) + self.assertEqual( + AuthJwtValidator._get_validator_by_name("validator2"), validator2 + ) def test_bad_tokens(self): - validator = self._create_validator("validator") - token = self._create_token(key="badsecret") - with self.assertRaises(UnauthorizedInvalidToken): - validator._decode(token) - token = self._create_token(audience="badaudience") - with self.assertRaises(UnauthorizedInvalidToken): - validator._decode(token) - token = self._create_token(issuer="badissuer") - with self.assertRaises(UnauthorizedInvalidToken): - validator._decode(token) - token = self._create_token(exp_delta=-100) - with self.assertRaises(UnauthorizedInvalidToken): - validator._decode(token) + with self._create_validator("validator") as validator: + token = self._create_token(key="badsecret") + with self.assertRaises(UnauthorizedInvalidToken): + validator._decode(token) + token = self._create_token(audience="badaudience") + with self.assertRaises(UnauthorizedInvalidToken): + validator._decode(token) + token = self._create_token(issuer="badissuer") + with self.assertRaises(UnauthorizedInvalidToken): + validator._decode(token) + token = self._create_token(exp_delta=-100) + with self.assertRaises(UnauthorizedInvalidToken): + validator._decode(token) def test_multiple_aud(self): - validator = self._create_validator("validator", audience="a1,a2") - token = self._create_token(audience="a1") - validator._decode(token) - token = self._create_token(audience="a2") - validator._decode(token) - token = self._create_token(audience="a3") - with self.assertRaises(UnauthorizedInvalidToken): + with self._create_validator("validator", audience="a1,a2") as validator: + token = self._create_token(audience="a1") + validator._decode(token) + token = self._create_token(audience="a2") validator._decode(token) + token = self._create_token(audience="a3") + with self.assertRaises(UnauthorizedInvalidToken): + validator._decode(token) def test_nbf(self): - validator = self._create_validator("validator") - token = self._create_token(nbf=time.time() - 60) - validator._decode(token) - token = self._create_token(nbf=time.time() + 60) - with self.assertRaises(UnauthorizedInvalidToken): + with self._create_validator("validator") as validator: + token = self._create_token(nbf=time.time() - 60) validator._decode(token) + token = self._create_token(nbf=time.time() + 60) + with self.assertRaises(UnauthorizedInvalidToken): + validator._decode(token) def test_auth_method_registration_on_create(self): IrHttp = self.env["ir.http"] @@ -358,20 +394,19 @@ def test_auth_method_registration_on_create(self): self.assertFalse( hasattr(IrHttp.__class__, "_auth_method_public_or_jwt_validator1") ) - self._create_validator("validator1") - self.assertTrue(hasattr(IrHttp.__class__, "_auth_method_jwt_validator1")) - self.assertTrue( - hasattr(IrHttp.__class__, "_auth_method_public_or_jwt_validator1") - ) + with self._create_validator("validator1"): + self.assertTrue(hasattr(IrHttp.__class__, "_auth_method_jwt_validator1")) + self.assertTrue( + hasattr(IrHttp.__class__, "_auth_method_public_or_jwt_validator1") + ) def test_auth_method_unregistration_on_unlink(self): IrHttp = self.env["ir.http"] - validator = self._create_validator("validator1") - self.assertTrue(hasattr(IrHttp.__class__, "_auth_method_jwt_validator1")) - self.assertTrue( - hasattr(IrHttp.__class__, "_auth_method_public_or_jwt_validator1") - ) - validator.unlink() + with self._create_validator("validator1"): + self.assertTrue(hasattr(IrHttp.__class__, "_auth_method_jwt_validator1")) + self.assertTrue( + hasattr(IrHttp.__class__, "_auth_method_public_or_jwt_validator1") + ) self.assertFalse(hasattr(IrHttp.__class__, "_auth_method_jwt_validator1")) self.assertFalse( hasattr(IrHttp.__class__, "_auth_method_public_or_jwt_validator1") @@ -379,28 +414,29 @@ def test_auth_method_unregistration_on_unlink(self): def test_auth_method_registration_on_rename(self): IrHttp = self.env["ir.http"] - validator = self._create_validator("validator1") - self.assertTrue(hasattr(IrHttp.__class__, "_auth_method_jwt_validator1")) - self.assertTrue( - hasattr(IrHttp.__class__, "_auth_method_public_or_jwt_validator1") - ) - validator.name = "validator2" - self.assertFalse(hasattr(IrHttp.__class__, "_auth_method_jwt_validator1")) - self.assertFalse( - hasattr(IrHttp.__class__, "_auth_method_public_or_jwt_validator1") - ) - self.assertTrue(hasattr(IrHttp.__class__, "_auth_method_jwt_validator2")) - self.assertTrue( - hasattr(IrHttp.__class__, "_auth_method_public_or_jwt_validator2") - ) + with self._create_validator("validator1") as validator: + self.assertTrue(hasattr(IrHttp.__class__, "_auth_method_jwt_validator1")) + self.assertTrue( + hasattr(IrHttp.__class__, "_auth_method_public_or_jwt_validator1") + ) + validator.name = "validator2" + self.assertFalse(hasattr(IrHttp.__class__, "_auth_method_jwt_validator1")) + self.assertFalse( + hasattr(IrHttp.__class__, "_auth_method_public_or_jwt_validator1") + ) + self.assertTrue(hasattr(IrHttp.__class__, "_auth_method_jwt_validator2")) + self.assertTrue( + hasattr(IrHttp.__class__, "_auth_method_public_or_jwt_validator2") + ) def test_name_check(self): with self.assertRaises(ValidationError): - self._create_validator(name="not an identifier") + with self._create_validator(name="not an identifier"): + pass def test_public_or_jwt_valid_token(self): - self._create_validator("validator") - authorization = "Bearer " + self._create_token() - with self._mock_request(authorization=authorization) as request: - self.env["ir.http"]._auth_method_public_or_jwt_validator() - assert request.jwt_payload["aud"] == "me" + with self._create_validator("validator"): + authorization = "Bearer " + self._create_token() + with self._mock_request(authorization=authorization) as request: + self.env["ir.http"]._auth_method_public_or_jwt_validator() + assert request.jwt_payload["aud"] == "me" From d9bfe6b9b2d8b37c9647fd8b9d87a80a5d0c9bd1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Bidoul?= Date: Thu, 19 Feb 2026 13:55:37 +0100 Subject: [PATCH 2/4] Update dotfiles --- .copier-answers.yml | 2 +- .github/workflows/pre-commit.yml | 1 + .github/workflows/test.yml | 7 +++++++ .pylintrc | 18 +++++++++--------- README.md | 5 +++-- checklog-odoo.cfg | 1 + 6 files changed, 22 insertions(+), 12 deletions(-) diff --git a/.copier-answers.yml b/.copier-answers.yml index bb275c6d83..f888986b75 100644 --- a/.copier-answers.yml +++ b/.copier-answers.yml @@ -1,5 +1,5 @@ # Do NOT update manually; changes here will be overwritten by Copier -_commit: v1.35 +_commit: v1.38 _src_path: git+https://github.com/OCA/oca-addons-repo-template additional_ruff_rules: [] ci: GitHub diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index 5eb021ef15..852a07469b 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -17,6 +17,7 @@ jobs: - uses: actions/setup-python@v5 with: python-version: "3.11" + cache: 'pip' - name: Get python version run: echo "PY=$(python -VV | sha256sum | cut -d' ' -f1)" >> $GITHUB_ENV - uses: actions/cache@v4 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 5851b71598..a3e2701930 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -76,6 +76,13 @@ jobs: run: oca_init_test_database - name: Run tests run: oca_run_tests + - name: Upload screenshots from JS tests + uses: actions/upload-artifact@v4 + if: ${{ failure() }} + with: + name: Screenshots of failed JS tests - ${{ matrix.name }}${{ join(matrix.include) }} + path: /tmp/odoo_tests/${{ env.PGDATABASE }} + if-no-files-found: ignore - uses: codecov/codecov-action@v4 with: token: ${{ secrets.CODECOV_TOKEN }} diff --git a/.pylintrc b/.pylintrc index d103ffcd9a..197cb67370 100644 --- a/.pylintrc +++ b/.pylintrc @@ -99,22 +99,22 @@ enable=anomalous-backslash-in-string, translation-positional-used, website-manifest-key-not-valid-uri, external-request-timeout, - # messages that do not cause the lint step to fail - consider-merging-classes-inherited, + missing-manifest-dependency, + too-complex,, create-user-wo-reset-password, dangerous-filter-wo-user, - deprecated-module, file-not-used, - invalid-commit, - missing-manifest-dependency, missing-newline-extrafiles, - missing-readme, no-utf8-coding-comment, - odoo-addons-relative-import, old-api7-method-defined, - redefined-builtin, - too-complex, unnecessary-utf8-coding-comment, + # messages that do not cause the lint step to fail + consider-merging-classes-inherited, + deprecated-module, + invalid-commit, + missing-readme, + odoo-addons-relative-import, + redefined-builtin, manifest-external-assets diff --git a/README.md b/README.md index c3ed52d72d..cce7996e03 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,7 @@ +[![Support the OCA](https://odoo-community.org/readme-banner-image)](https://odoo-community.org/get-involved?utm_source=repo-readme) + +# server-auth [![Runboat](https://img.shields.io/badge/runboat-Try%20me-875A7B.png)](https://runboat.odoo-community.org/builds?repo=OCA/server-auth&target_branch=18.0) [![Pre-commit Status](https://github.com/OCA/server-auth/actions/workflows/pre-commit.yml/badge.svg?branch=18.0)](https://github.com/OCA/server-auth/actions/workflows/pre-commit.yml?query=branch%3A18.0) [![Build Status](https://github.com/OCA/server-auth/actions/workflows/test.yml/badge.svg?branch=18.0)](https://github.com/OCA/server-auth/actions/workflows/test.yml?query=branch%3A18.0) @@ -7,8 +10,6 @@ -# server-auth - server-auth diff --git a/checklog-odoo.cfg b/checklog-odoo.cfg index 0b55b7bf66..9cc94b30dd 100644 --- a/checklog-odoo.cfg +++ b/checklog-odoo.cfg @@ -1,3 +1,4 @@ [checklog-odoo] ignore= WARNING.* 0 failed, 0 error\(s\).* + WARNING.* Missing widget: res_partner_many2one for field of type many2one.* From 822142e2e43891f3f64357de16e81b4d6fe3d284 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Bidoul?= Date: Thu, 19 Feb 2026 14:03:44 +0100 Subject: [PATCH 3/4] [FIX] auth_jwt: silence jwt warning about short HMAC secrets used in tests --- auth_jwt/tests/test_auth_jwt.py | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/auth_jwt/tests/test_auth_jwt.py b/auth_jwt/tests/test_auth_jwt.py index 71d5b7a093..5175566869 100644 --- a/auth_jwt/tests/test_auth_jwt.py +++ b/auth_jwt/tests/test_auth_jwt.py @@ -51,7 +51,7 @@ def _mock_request(self, authorization): def _create_token( self, - key="thesecret", + key="thesecret012345678901234567890123456789", audience="me", issuer="http://the.issuer", exp_delta=100, @@ -71,7 +71,7 @@ def _create_validator( name, audience="me", issuer="http://the.issuer", - secret_key="thesecret", + secret_key="thesecret012345678901234567890123456789", partner_id_required=False, static_user_id=1, ): @@ -192,7 +192,7 @@ def test_auth_method_invalid_token_on_chain(self): ) as validator2, self._create_validator( "validator3", - secret_key="bad key", + secret_key="bad key 012345678901234567890123456789", ) as validator3, self._create_validator( "validator4", @@ -202,18 +202,18 @@ def test_auth_method_invalid_token_on_chain(self): self._create_validator( "validator5", issuer="http://other.issuer", - secret_key="bad key", + secret_key="bad key 012345678901234567890123456789", ) as validator5, self._create_validator( "validator6", audience="bad audience", - secret_key="bad key", + secret_key="bad key 012345678901234567890123456789", ) as validator6, self._create_validator( "validator7", issuer="http://other.issuer", audience="bad audience", - secret_key="bad key", + secret_key="bad key 012345678901234567890123456789", ) as validator7, ): validator1.next_validator_id = validator2 @@ -357,7 +357,7 @@ def test_get_validator(self): def test_bad_tokens(self): with self._create_validator("validator") as validator: - token = self._create_token(key="badsecret") + token = self._create_token(key="badsecret 012345678901234567890123456789") with self.assertRaises(UnauthorizedInvalidToken): validator._decode(token) token = self._create_token(audience="badaudience") From 452bd61ceef25eb3b040b05e0840652dc0639f84 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Bidoul?= Date: Thu, 19 Feb 2026 14:10:39 +0100 Subject: [PATCH 4/4] [FIX] auth_jwt_demo: silence jwt warning about short HMAC secrets used in tests --- auth_jwt_demo/demo/auth_jwt_validator.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/auth_jwt_demo/demo/auth_jwt_validator.xml b/auth_jwt_demo/demo/auth_jwt_validator.xml index 6bba454a67..31593e7a32 100644 --- a/auth_jwt_demo/demo/auth_jwt_validator.xml +++ b/auth_jwt_demo/demo/auth_jwt_validator.xml @@ -5,7 +5,7 @@ theissuer secret HS256 - thesecret + thesecret 012345678901234567890123456789 static email @@ -17,7 +17,7 @@ theissuer secret HS256 - thesecret + thesecret 012345678901234567890123456789 static email